Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/bnc1YW6byzTqgQKrvwDWerCkmEY.roa
File:                     bnc1YW6byzTqgQKrvwDWerCkmEY.roa (raw, json)
Hash identifier:          USijfAE9doJtXkVHHuBj0XEIKqKBT2IMBfO61EZAw3Y=
Subject key identifier:   6E:77:35:61:6E:9B:CB:34:EA:81:02:AB:BF:00:D6:7A:B0:A4:98:46
Certificate issuer:       /CN=6ddb38b343da2d119309edaa19c7a78870327ebe
Certificate serial:       018CDE0AF136DA793DADB10E10373B4A0CCE
Authority key identifier: 6D:DB:38:B3:43:DA:2D:11:93:09:ED:AA:19:C7:A7:88:70:32:7E:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bds4s0PaLRGTCe2qGceniHAyfr4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/bnc1YW6byzTqgQKrvwDWerCkmEY.roa
Signing time:             Sat 06 Jan 2024 09:11:48 +0000
ROA not before:           Sat 06 Jan 2024 09:11:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34918
IP address blocks:        89.44.243.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/bds4s0PaLRGTCe2qGceniHAyfr4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/bds4s0PaLRGTCe2qGceniHAyfr4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bds4s0PaLRGTCe2qGceniHAyfr4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 15 Jun 2024 11:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:de:0a:f1:36:da:79:3d:ad:b1:0e:10:37:3b:4a:0c:ce
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ddb38b343da2d119309edaa19c7a78870327ebe
        Validity
            Not Before: Jan  6 09:11:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6e7735616e9bcb34ea8102abbf00d67ab0a49846
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:87:11:32:8b:a9:65:e2:36:87:42:e6:2c:8c:
                    2a:dd:39:c9:7b:1d:3c:e4:a8:e7:36:25:90:00:4b:
                    36:b7:34:f0:7c:c5:c7:8c:aa:75:f3:dd:04:fc:1b:
                    35:3c:13:d8:6f:ec:8d:cf:d0:35:21:89:e6:5a:11:
                    fa:a3:dc:ec:52:eb:c1:62:89:3c:bc:67:72:4f:5a:
                    2d:60:cb:2b:3d:76:7e:63:75:91:a0:42:9a:41:b0:
                    07:80:e4:1c:b4:13:ad:38:88:1d:ba:5e:8c:06:4b:
                    31:19:c7:57:9d:3c:49:b0:be:a1:ed:eb:94:fb:a6:
                    aa:b8:cd:82:0c:69:56:42:bc:f4:f9:9a:d5:ff:c0:
                    d7:0f:7f:5f:e7:22:c0:af:48:20:2b:53:79:f0:e7:
                    93:e5:38:9b:5a:70:a9:5e:9d:8f:97:53:14:dd:78:
                    f2:09:51:a1:02:92:18:ed:0c:1c:e0:1f:88:f2:31:
                    50:b6:41:eb:00:43:13:d6:bc:7e:27:a3:cd:1a:ba:
                    11:88:4a:96:83:2f:45:bb:4b:9e:f3:d4:c6:77:00:
                    bb:31:9d:66:4c:7e:c1:c1:aa:8a:1a:95:e9:2d:94:
                    30:57:83:aa:5a:ef:e3:9f:77:f5:6c:af:0d:28:62:
                    2f:01:0b:19:fe:c0:d4:c6:13:5a:a5:d0:80:ca:d8:
                    a9:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6E:77:35:61:6E:9B:CB:34:EA:81:02:AB:BF:00:D6:7A:B0:A4:98:46
            X509v3 Authority Key Identifier:
                keyid:6D:DB:38:B3:43:DA:2D:11:93:09:ED:AA:19:C7:A7:88:70:32:7E:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bds4s0PaLRGTCe2qGceniHAyfr4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/bnc1YW6byzTqgQKrvwDWerCkmEY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/bds4s0PaLRGTCe2qGceniHAyfr4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.44.243.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9c:56:7c:d2:2e:53:ab:52:91:d2:91:df:23:79:12:18:a9:d4:
         cf:97:df:cf:d1:4c:b8:70:01:f7:9a:4d:4f:4d:ea:b4:c1:af:
         41:23:b7:41:cb:31:1e:ba:3b:af:e7:9e:01:66:23:27:7f:1b:
         36:3e:07:a0:c7:4c:05:cc:8e:75:02:cf:21:e3:19:54:31:51:
         59:eb:9d:7c:3f:27:3c:4d:99:2c:6b:89:49:76:1d:d5:b0:63:
         40:e3:ab:06:c5:12:3b:bc:36:75:aa:a4:82:55:55:13:49:c7:
         0d:75:42:e7:b6:72:cb:1a:a9:4a:1a:35:47:b0:b4:be:cf:2e:
         59:0b:db:6f:a5:35:3c:2b:30:21:e3:37:28:00:a7:35:ff:28:
         e6:eb:1e:05:f6:4c:db:9b:f0:9f:fb:84:84:a6:33:14:db:24:
         35:24:a0:10:12:f7:e1:14:7d:f4:fb:40:6e:6b:05:66:9b:0f:
         36:e0:6c:f1:d4:65:73:a5:92:de:a5:23:b6:da:bd:ea:27:88:
         10:85:86:d7:5e:74:98:9b:1d:af:d6:c0:d9:84:2e:6e:84:96:
         82:b1:ad:49:ee:31:c2:ca:3f:c8:5b:d0:f5:97:85:40:66:e4:
         49:7b:a7:a8:d2:4a:b7:f4:e1:67:b5:63:c9:80:05:3b:ea:9e:
         f5:81:05:e0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzeCvE22nk9rbEOEDc7SgzOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZkZGIzOGIzNDNkYTJkMTE5MzA5ZWRhYTE5YzdhNzg4NzAz
MjdlYmUwHhcNMjQwMTA2MDkxMTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZTc3MzU2MTZlOWJjYjM0ZWE4MTAyYWJiZjAwZDY3YWIwYTQ5ODQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlocRMoupZeI2h0LmLIwq3TnJex08
5KjnNiWQAEs2tzTwfMXHjKp1890E/Bs1PBPYb+yNz9A1IYnmWhH6o9zsUuvBYok8
vGdyT1otYMsrPXZ+Y3WRoEKaQbAHgOQctBOtOIgdul6MBksxGcdXnTxJsL6h7euU
+6aquM2CDGlWQrz0+ZrV/8DXD39f5yLAr0ggK1N58OeT5TibWnCpXp2Pl1MU3Xjy
CVGhApIY7Qwc4B+I8jFQtkHrAEMT1rx+J6PNGroRiEqWgy9Fu0ue89TGdwC7MZ1m
TH7BwaqKGpXpLZQwV4OqWu/jn3f1bK8NKGIvAQsZ/sDUxhNapdCAytipywIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG53NWFum8s06oECq78A1nqwpJhGMB8GA1UdIwQY
MBaAFG3bOLND2i0RkwntqhnHp4hwMn6+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYmRzNHMwUGFMUkdUQ2UycUdjZW5pSEF5ZnI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Mi9jOTYxYTAtNGY1My00MjJhLWI3ZGQt
M2RmYTUxMGQ2YjE2LzEvYm5jMVlXNmJ5elRxZ1FLcnZ3RFdlckNrbUVZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Mi9jOTYxYTAtNGY1My00MjJhLWI3ZGQtM2RmYTUxMGQ2YjE2
LzEvYmRzNHMwUGFMUkdUQ2UycUdjZW5pSEF5ZnI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWSzzMA0G
CSqGSIb3DQEBCwUAA4IBAQCcVnzSLlOrUpHSkd8jeRIYqdTPl9/P0Uy4cAH3mk1P
Teq0wa9BI7dByzEeujuv554BZiMnfxs2Pgegx0wFzI51As8h4xlUMVFZ6518Pyc8
TZksa4lJdh3VsGNA46sGxRI7vDZ1qqSCVVUTSccNdULntnLLGqlKGjVHsLS+zy5Z
C9tvpTU8KzAh4zcoAKc1/yjm6x4F9kzbm/Cf+4SEpjMU2yQ1JKAQEvfhFH30+0Bu
awVmmw824Gzx1GVzpZLepSO22r3qJ4gQhYbXXnSYmx2v1sDZhC5uhJaCsa1J7jHC
yj/IW9D1l4VAZuRJe6eo0kq39OFntWPJgAU76p71gQXg
-----END CERTIFICATE-----